Conti Ransomware Looks to Wipe Victim Backups

Security company Advanced Intelligence published a recent report focusing on the newest developments surrounding the Conti ransomware gang. The researchers highlighted the gang's new focus on backup destruction as a way to exert extra pressure on the victim and motivate them to pay the ransom.

Conti is one of the most infamous ransomware gangs, known for being completely unscrupulous when it comes to choosing its victims. While some groups like DarkSide would at least try to play Robin Hood and attempt to justify their criminal actions by boasting about how they never attack educational and healthcare institutions, Conti on the other hand have pulled off attacks on a number of hospitals and other healthcare entities. This sort of attack is never only about the monetary damage, as there is always the threat of loss of human life.

According to the researchers, Conti are now specifically looking for affiliates that are particularly good at wiping out victim backups. The criminal gang is specifically targeting one backup creation and management application, produced by software company Veeam.

Conti uses a number of tools when infiltrating networks that have become common in the ransomware landscape. Attacks involve Cobalt Strike beacons, as well as other legitimate tools used to gain a foothold on the compromised network and achieve persistence.

The kicker is that once Conti operators get their hands on a privileged backup user account, they can do anything they please with the backups. The report published by Advanced Intelligence elicited an official statement from Veeam - the company whose backup tools Conti seeks to circumvent.

Veeam stated that if the ransomware operators manage to get hold of a privileged domain admin account, there is nothing in the world that can stop them from wiping the victim's backups. No amount of patching or new features can stop this, so instead, Veeam recommends that all its customers run the backup application off a separate domain, so that compromising the primary domain does not spell certain doom for the backups as well.

Conti was the ransomware gang behind the attacks on Ireland's health services network that caused millions in damages and nearly crippled the country's healthcare digital systems for days on end.

By Zaib
September 30, 2021
Computer Security
English
September 30, 2021
Computer Security

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

Ransomware

Remove Coms Ransomware

The Coms Ransomware is a file-locker that you do not want to deal with. It is part of the infamous Dharma Ransomware family, and users who fall victim to its attack will not have access to a free decryptor. This... Read more

May 13, 2021
Ransomware

Remove Pcqq Ransomware

Pcqq ransomware locks files and adds the '.pcqq' extension to their name. It then leaves a ransom note extorting the victim for money. The threat may be spread through pirated downloads, malicious ads, malicious email... Read more

May 10, 2021
Ransomware

Remove Mcburglar Ransomware

The Mcburglar Ransomware is a malicious application whose developers are delivering to their victims via phishing emails, torrent downloads, pirated media and software, and other deceptive digital content. But what... Read more

June 9, 2021
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.